Mozilla closes critical security holes

Only most recent versions are affected by these Vulnerabilities

Mozilla has released Firefox 10.0.1, Firefox ESR 10.0.1, Thunderbird 10.0.1, Thunderbird ESR 10.0.1 and SeaMonkey 2.7.1 to fix a single critical security hole in the browsers and mail clients which appeared in version 10. The security advisory says that versions previous to Firefox 10, Thunderbird 10 and Seamonkey 2.7 are unaffected by the use after free problem.

The problem was discovered by Mozilla developers and causes a “potentially exploitable” crash in nsXBLDocumentInfo::ReadPrototypeBindings. Updates are available through Firefox, Thunderbird and SeaMonkey’s automatic update system and can be made to install by bringing up the “About” dialogue for the relevant application and selecting the “Apply Upgrade” button when it appears. Firefox and Thunderbird 10 were released at the end of January.

The updates are also available for the new ESR (Extended Support Release) versions of the browser and email client, Firefox ESR and Thunderbird ESR which are currently in their “qualification” phase.